1. Field of the Invention
The present invention relates to a cryptographic processing apparatus and, more particularly, to a cryptographic processing apparatus that is enhanced in the durability against power analysis known as cryptographic analysis processing or attack processing.
2. Description of the Related Art
With IC (Integrated Circuit) cards, the data to be transferred is encrypted in order to prevent the secret information stored in each IC card from being leaked in the course of transfer with a host computer.
A currently most often used encryption method is DES (Data Encryption Standard).
In DES, a same key is shared between the owner of an IC card and the host computer for the encryption of data, the data transmitting side encrypts data by use of this key and transmits the encrypted data, and the data receiving side decrypts the received encrypted data by use of the same key to take out messages.
Consequently, if a malicious third party tries to intercept the data, it is difficult to take out messages unless the third party also has the key.
The key for use in encryption and decryption is stored in such a nonvolatile memory in each IC card as an EEPROM, for example.
Security of the IC card is maintained by employing a configuration in which providing control such that the key data is transferred directly to a cryptographic engine incorporated in the IC card without passing the CPU at the time of encryption and decryption, thereby making it substantially impossible for the owner of the IC card and even IC card developing engineers to take out the key data.
However, an attacking method called DPA (Differential Power Analysis) was reported by P. Kocher, et al., by which the electric current consumption of an IC card is measured and statistical processing is performed on the measurement, thereby taking out the key.
In this DPA attack, an encryption operation can be executed by use of approximately 1,000 different plaintexts to measure the waveforms of consumed electric current, thereby statistically processing the measure consumed electric current to take out the key.
For a method of counteracting the DPA attack, a technology disclosed in Japanese Patent Laid-Open No. 2004-347975, for example, is known.
In the disclosed technology, one-bit data is developed into two-bit values having a same Hamming weight. For the transition of data by an operation, two phases are arranged, an evaluation phase and a precharge phase.
Then, control is executed that transition is first made to a state of neither “0” nor “1” and then to the data obtained after executing the operation, thereby preventing an electric current change involved in the transition of computed values from being detected.
To be more specific, assume that a cryptographic operation is executed with data “0” set to “01” and data “1” set to “10” for example. Then, if the data changes by a round operation, transition is first made to “00” for example and then to the data resulted from the operation.
Namely, if the transition is expressed as follows, the transition of each bit based on the operation caused a change of only one bit for all transitions regardless of an operation result, thereby making it difficult to get the key from an electric current change.
Transition from “0” to “0”: “01” to “00” to “01”
Transition from “0” to “1”: “01” to “00” to “10”
Transition from “1” to “0”: “10” to “00” to “01”
Transition from “1” to “1”: “10” to “00” to “10”